Pipeline Operators Not Immune from Hacking
At least 4 U.S. pipeline operators have recently been victimized by a cyber-attack – Oneok, Energy Transfer Partners, Boardwalk Pipeline Partners, and Eastern Shore Natural Gas. These reports follow the recent discovery that Russia has (allegedly) been hacking into the U.S. electric grid. The lesson? Nothing online is immune from system hacking.
How the Pipeline Operators were Attacked
The attackers targeted the companies’ communication / EDI networks, specifically an industry platform called Latitude. Pipeline operators generally utilize these networked systems to facilitate communications with customers and electronically exchange documents and data. Latitude also hosts websites, and many of these went down with the attacks as well. The good news is that the attacks did not corrupt any data, nor did they prevent or hinder the flow of natural gas, but they did create the need to find alternative communication methods, a process that wasted both time and money.
The attack prompted the operators to temporarily shut down some of their systems. It is not clear how the problem was solved, but most of the systems were back up and running within 24 hours. Complicating matters is the fact that some of these communication networks are run by third party companies, which takes away much of the control that pipeline operators have when it comes to maximizing cybersecurity. This reality did not seem to have much of an impact this time, but it definitely increases risk.
This article has more details on the hacks, but the bottom line is that we are only now starting to fully understand and manage the cyber risk. And according to the article, pipeline operators are likely viewed as an entry point, not the primary targets. In other words, the hackers are getting a little practice time in! It will be interesting to see how other pipeline operators – as well as the various utility sectors – attempt to mitigate this risk going forward. I, for one, will definitely be watching.